Adds a dark side navigation theme with Menu templatizing and some css tweaks adds logo to landing page.

README.md

@@ -3,6 +3,20 @@
 
 # MozDef: Mozilla Enterprise Defense Platform
 
+## Documentation:
+
+http://mozdef.readthedocs.org/en/latest/
+
+
+## Give MozDef a Try in AWS:
+
+The following button will launch the Mozilla Enterprise Defense Platform in your AWS account.
+
+**Warning:** Pressing the "Launch Stack" button and following through with the deployment will incur charges to your AWS account. 
+
+[![Launch MozDef](docs/source/images/cloudformation-launch-stack.png)][1]
+
+
 ## Why?
 
 The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.
@@ -22,12 +36,4 @@ The Mozilla Enterprise Defense Platform (MozDef) seeks to automate the security
 
 MozDef is in production at Mozilla where we are using it to process over 300 million events per day.
 
-## Give MozDef a Try in AWS:
-
-[![Launch MozDef](docs/source/images/cloudformation-launch-stack.png)][1]
-
-## Documentation:
-
-http://mozdef.readthedocs.org/en/latest/
-
-[1]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=mozdef-for-aws&templateURL=https://s3-us-west-2.amazonaws.com/public.us-west-2.infosec.mozilla.org/mozdef/cf/v1.38.5/mozdef-parent.yml
+[1]: https://console.aws.amazon.com/cloudformation/home?region=us-west-2#/stacks/new?stackName=mozdef-for-aws&templateURL=https://s3-us-west-2.amazonaws.com/public.us-west-2.infosec.mozilla.org/mozdef/cf/v1.38.5/mozdef-parent.yml

alerts/cloudtrail_public_bucket.py

@@ -0,0 +1,42 @@
+#!/usr/bin/env python
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at http://mozilla.org/MPL/2.0/.
+# Copyright (c) 2014 Mozilla Corporation
+
+
+from lib.alerttask import AlertTask
+from mozdef_util.query_models import SearchQuery, TermMatch, ExistsMatch
+
+
+class AlertCloudtrailPublicBucket(AlertTask):
+    def main(self):
+        search_query = SearchQuery(minutes=20)
+
+        search_query.add_must([
+            TermMatch('source', 'cloudtrail'),
+            TermMatch('details.eventname', 'PutBucketPolicy'),
+            ExistsMatch('details.requestparameters.bucketpolicy.statement.principal')
+        ])
+
+        self.filtersManual(search_query)
+        self.searchEventsSimple()
+        self.walkEvents()
+
+    # Set alert properties
+    def onEvent(self, event):
+        request_parameters = event['_source']['details']['requestparameters']
+        for statement in request_parameters['bucketpolicy']['statement']:
+            if statement['principal'] != '*':
+                return
+        category = 'access'
+        tags = ['cloudtrail']
+        severity = 'INFO'
+
+        bucket_name = 'Unknown'
+        if 'bucketname' in request_parameters:
+            bucket_name = request_parameters['bucketname']
+
+        summary = "The s3 bucket {0} is listed as public".format(bucket_name)
+        return self.createAlertDict(summary, category, tags, [event], severity)

meteor/.meteor/versions

@@ -98,7 +98,7 @@ templating-compiler@1.3.3
 templating-runtime@1.3.2
 templating-tools@1.1.2
 tracker@1.2.0
-twbs:bootstrap@3.3.6
+twbs:bootstrap@3.3.5
 ui@1.0.13
 underscore@1.0.10
 url@1.2.0

meteor/client/greeting.html

@@ -0,0 +1,8 @@
+<!--a nice greeting-->
+<template name="hello">
+    <div class="container">
+        <div class="row center">
+            <p class="welcome"><img class="mozdeflogo" src="/images/moz_defense-platform_01.png"><br/> {{greeting}}</p>
+        </div>
+    </div>
+</template>

meteor/client/greeting.js

@@ -0,0 +1,17 @@
+if ( Meteor.isClient ) {
+
+    Template.hello.helpers( {
+        greeting: function() {
+            if ( typeof console !== 'undefined' )
+                console.log( "mozdef starting" );
+            return "Hand made by Mozilla";
+        }
+    } );
+
+    Template.hello.events( {
+        'click': function() {
+            // template data, if any, is available in 'this'
+            Session.set( 'displayMessage', 'Welcome to mozdef.' )
+        }
+    } );
+};

meteor/client/loading.html

@@ -0,0 +1,3 @@
+<template name='loading'>
+        loading...
+</template>

meteor/client/main.js

@@ -5,11 +5,16 @@ import { Mongo } from 'meteor/mongo';
 import { Session } from 'meteor/session';
 import { _ } from 'meteor/underscore';
 import { Blaze } from 'meteor/blaze';
+import '/client/loading.html';
+import '/client/greeting.html';
+import '/client/greeting.js';
 import '/imports/settings.js';
 import '/imports/collections.js';
 import '/imports/helpers.js';
 import '/imports/models.js';
-import '/client/about.html';
+import '/client/mozdef.html';
+import '/client/layout.js';
+import '/client/router.js';
 import '/client/alertdetails.html';
 import '/client/alertdetails.js';
 import '/client/alertssummary.html';
@@ -54,11 +59,12 @@ import '/client/logincounts.html';
 import '/client/logincounts.js';
 import '/client/mozdefhealth.html';
 import '/client/mozdefhealth.js';
+import '/client/about.html';
 import '/client/nameplate.html';
 import '/client/nameplate.js';
 import '/client/verisTags.html';
 import '/client/preferences.html';
 import '/client/preferences.js'
-import '/client/router.js';
+import '/public/css/dropdowns.css';
 import '/client/mozdef.js';
 

meteor/client/menu.html

@@ -11,8 +11,7 @@
         <div id="header" class="row center">
             <span id="nav-main">
                 <ul>
-                    <li><img class="mozillalogo" src="/images/mozilla.svg"></li>
-                    <li><a class="mozdef" href="/" title="MOZDEF">MOZDEF</a></li>
+                    <li><a href="/">Home</a></li>
                     {{#if isFeature "kibana"}}
                         <li> <a target="_blank" href={{ resolveKibanaURL mozdef.kibanaURL }}>Kibana</a>
                             <ul>

meteor/client/menu.js

@@ -2,31 +2,36 @@ import { Meteor } from 'meteor/meteor';
 import { Template } from 'meteor/templating';
 import { Tracker } from 'meteor/tracker'
 
-Template.menu.rendered = function () {
-    Tracker.autorun(function() {
-        Meteor.subscribe("features");
-    });
+Template.menu.rendered = function() {
+    Tracker.autorun( function() {
+        Meteor.subscribe( "features" );
+    } );
 };
 
-Template.menu.helpers({
-    haveFeatures: function(){
+Template.menu.helpers( {
+    haveFeatures: function() {
         //subscription has records?
-        return features.find().count() >0;
+        return features.find().count() > 0;
     },
-    resolveKibanaURL: function(url){
+    resolveKibanaURL: function( url ) {
         // special function just for the menu
         // to adjust the kibana URL if we are told to make it 'relative'
         // to whatever DNS name we are running on
         // i.e. pass in http://relative:9090/app/kibana
         // when the running dns is something.com
         // and we will set the hostname to something.com instead of 'relative'
-        var kibanaURL = new URL(url);
-        if ( kibanaURL.hostname == 'relative' ){
+        var kibanaURL = new URL( url );
+        if ( kibanaURL.hostname == 'relative' ) {
             // we were passed something like  OPTIONS_METEOR_KIBANAURL=http://relative:9090/app/kibana
             // so lets figure out where we should be
-            dnsURL=new URL(document.URL);
+            dnsURL = new URL( document.URL );
             kibanaURL.hostname = dnsURL.hostname;
         }
         return kibanaURL;
+    },
+    // loads kibana dashboards
+    kibanadashboards: function() {
+        Meteor.call( 'loadKibanaDashboards' );
+        return kibanadashboards.find();
     }
-  });
+} );

meteor/client/mozdef.html

@@ -8,7 +8,7 @@
 <head>
     <meta name="viewport" content="width=1024">
     <link rel="shortcut icon" type="image/svg" href="/images/favicon.ico" />
-    <title>mozdef::mozilla defense platform</title>
+    <title>mozdef::mozilla enterprise defense platform</title>
 </head>
 
 <body>
@@ -17,52 +17,27 @@
 <!--begin layout templates-->
 <!--the main, simple layout for the router to target-->
 <template name="layout">
-    {{> menu}}
-
     {{#if loggingIn}}
         <div class="row center">
-            <div class="col-xs-5 col-xs-offset-3 alert alert-info alert-dismissible" role="alert">
-                <button type="button" class="close" data-dismiss="alert">
-                    <span aria-hidden="true">&times;</span>
-                    <span class="sr-only">Close</span>
-                </button>
+            <div class="col-xs-5 col-xs-offset-3 alert alert-info" role="alert">
                 <strong>loading</strong>
             </div>
         </div>
     {{else}}
         {{#if currentUser}}
-            {{>yield}}
+            {{> Template.dynamic template=menuName }}
+            {{> yield }}
+            {{> whoismodal}}
+            {{> dshieldmodal}}
+            {{> blockIPModal}}
+            {{> intelmodal}}
+            {{> blockFQDNModal}}
+            {{> watchItemModal}}
         {{else}}
-            <div class="row center">
-                <div class="col-xs-5 col-xs-offset-3 alert alert-info alert-dismissible" role="alert">
-                    <button type="button" class="close" data-dismiss="alert">
-                        <span aria-hidden="true">&times;</span>
-                        <span class="sr-only">Close</span>
-                    </button>
-                    <strong>Please login</strong>
-                </div>
-            </div>
+            {{> loginmenu}}
         {{/if}}
     {{/if}}
-
-    {{>whoismodal}}
-    {{>dshieldmodal}}
-    {{>blockIPModal}}
-    {{>intelmodal}}
-    {{>blockFQDNModal}}
-    {{>watchItemModal}}
-
 </template>
 
-<!--a nice greeting-->
-<template name="hello">
-    <div class="container">
-        <div class="row center">
-            <p class="welcome">{{greeting}}<br>Hand made by Mozilla</p>
-        </div>
-    </div>
-</template>
 
-<template name='loading'>
-    loading...
-</template>
+

meteor/client/mozdef.js

@@ -5,20 +5,9 @@ file, You can obtain one at http://mozilla.org/MPL/2.0/.
 Copyright (c) 2014 Mozilla Corporation
 */
 import { Meteor } from 'meteor/meteor';
-import { Template } from 'meteor/templating';
 import validator from 'validator';
-import '/imports/collections.js';
-import '/imports/settings.js';
-import '/imports/helpers.js';
-import '/client/js/jquery.highlight.js';
-import PNotify from 'pnotify';
 import 'pnotify/dist/pnotify.css';
-import './mozdef.html';
-import './menu.html';
-import './menu.js';
-import '/client/layout.js';
-import '/public/css/dropdowns.css';
-
+import PNotify from 'pnotify';
 
 
 if ( Meteor.isClient ) {
@@ -35,9 +24,9 @@ if ( Meteor.isClient ) {
         Session.set( 'blockIPipaddress', '' );
         Session.set( 'blockFQDN', '' );
         Session.set( 'watchItemwatchcontent', '' );
+        Session.set( 'menuname', 'menu' );
         getAllPlugins();
-        // use a default theme, overridden later by login per user
-        require( '/imports/themes/classic/mozdef.css' );
+
     } );
 
     prefs = function() {
@@ -170,29 +159,6 @@ if ( Meteor.isClient ) {
         return result
     };
 
-    Template.hello.helpers( {
-        greeting: function() {
-            if ( typeof console !== 'undefined' )
-                console.log( "mozdef starting" );
-            return "MozDef: The Mozilla Defense Platform";
-        }
-    } );
-
-    Template.hello.events( {
-        'click': function() {
-            // template data, if any, is available in 'this'
-            Session.set( 'displayMessage', 'Welcome & to mozdef.' )
-        }
-    } );
-
-    // loads kibana dashboards
-    Template.menu.helpers( {
-        kibanadashboards: function() {
-            Meteor.call( 'loadKibanaDashboards' );
-            return kibanadashboards.find();
-        }
-    } );
-
     UI.registerHelper( 'isFeature', function( featureName ) {
         return isFeature( featureName );
     } );
@@ -380,6 +346,10 @@ if ( Meteor.isClient ) {
         }
     } )
 
+    UI.registerHelper( 'menuName', function() {
+        return Session.get( 'menuname' );
+    } )
+
     //Notify messages for the UI
     Deps.autorun( function() {
         //set Session.set('displayMessage','title&text')
@@ -498,17 +468,30 @@ if ( Meteor.isClient ) {
 
                 } else {
                     //console.log( 'client found preferences', preferenceRecord );
-
                     // import the preferred theme elements
+                    // html must be 'imported' from somewhere other than the 'import'
+                    // directory (hence the duplicate themes directory)
                     if ( preferenceRecord.theme == 'Dark' ) {
                         require( '/imports/themes/dark/mozdef.css' );
                     } else if ( preferenceRecord.theme == 'Light' ) {
                         require( '/imports/themes/light/mozdef.css' )
+                    } else if ( preferenceRecord.theme == 'Dark Side Nav' ) {
+                        require( '/client/themes/side_nav_dark/menu.html' )
+                        require( '/imports/themes/side_nav_dark/menu.js' )
+                        Session.set( 'menuname', 'side_nav_menu' );
+                        require( '/imports/themes/side_nav_dark/mozdef.css' );
                     } else {
                         require( '/imports/themes/classic/mozdef.css' );
                     }
                 }
             } );
 
     } );
+
+    // finally,load the default starting point
+    // use a default theme and menu, overridden later by login per user preference
+    require( '/client/themes/none/menu-start.html' );
+    require( '/client/themes/none/menu-start.css' );
+    require( '/client/menu.html' );
+    require( '/client/menu.js' );
 }